ecf7a4f0c6
We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors. This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header). The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent. |
||
|---|---|---|
| .. | ||
| 000-development_reload_warnings.rb | ||
| 000-mini_sql.rb | ||
| 000-post_migration.rb | ||
| 000-trace_pg_connections.rb | ||
| 000-zeitwerk.rb | ||
| 001-redis.rb | ||
| 002-freedom_patches.rb | ||
| 002-rails_failover.rb | ||
| 004-message_bus.rb | ||
| 005-site_settings.rb | ||
| 006-ensure_login_hint.rb | ||
| 006-mini_profiler.rb | ||
| 008-rack-cors.rb | ||
| 009-omniauth.rb | ||
| 012-web_hook_events.rb | ||
| 013-excon_defaults.rb | ||
| 014-track-setting-changes.rb | ||
| 099-anon-cache.rb | ||
| 099-drain_pool.rb | ||
| 100-i18n.rb | ||
| 100-logster.rb | ||
| 100-oj.rb | ||
| 100-onebox_options.rb | ||
| 100-push-notifications.rb | ||
| 100-quiet_logger.rb | ||
| 100-regex-timeout.rb | ||
| 100-secret_token.rb | ||
| 100-session_store.rb | ||
| 100-sidekiq.rb | ||
| 100-silence_logger.rb | ||
| 100-strong_parameters.rb | ||
| 100-verify_config.rb | ||
| 100-wrap_parameters.rb | ||
| 101-lograge.rb | ||
| 102-truncate-logs.rb | ||
| 200-first_middlewares.rb | ||
| 300-perf.rb | ||
| 400-deprecations.rb | ||
| assets.rb | ||
| filter_parameter_logging.rb | ||
| new_framework_defaults_7_0.rb | ||